OpenCloudOS-Kernel/drivers
Jonathan Salwan 542db01579 drivers/cdrom/cdrom.c: use kzalloc() for failing hardware
In drivers/cdrom/cdrom.c mmc_ioctl_cdrom_read_data() allocates a memory
area with kmalloc in line 2885.

  2885         cgc->buffer = kmalloc(blocksize, GFP_KERNEL);
  2886         if (cgc->buffer == NULL)
  2887                 return -ENOMEM;

In line 2908 we can find the copy_to_user function:

  2908         if (!ret && copy_to_user(arg, cgc->buffer, blocksize))

The cgc->buffer is never cleaned and initialized before this function.
If ret = 0 with the previous basic block, it's possible to display some
memory bytes in kernel space from userspace.

When we read a block from the disk it normally fills the ->buffer but if
the drive is malfunctioning there is a chance that it would only be
partially filled.  The result is an leak information to userspace.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-07-03 16:07:25 -07:00
..
accessibility
acpi Merge branch 'x86-ras-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-07-02 16:30:46 -07:00
amba
ata libata-acpi: add back ACPI based hotplug functionality 2013-06-25 00:51:33 +02:00
atm
auxdisplay
base firmware loader: fix another compile warning with PM_SLEEP unset 2013-06-25 21:04:22 -07:00
bcma
block Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-07-02 09:28:37 -07:00
bluetooth Bluetooth: btmrvl: fix thread stopping race 2013-06-13 13:05:40 -04:00
bus ARM SoC device tree changes 2013-07-02 14:23:01 -07:00
cdrom drivers/cdrom/cdrom.c: use kzalloc() for failing hardware 2013-07-03 16:07:25 -07:00
char Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-07-03 09:10:19 -07:00
clk ARM SoC late changes 2013-07-02 14:42:51 -07:00
clocksource Merge branch 'for-linus' of git://git.linaro.org/people/rmk/linux-arm 2013-07-03 09:46:29 -07:00
connector
cpufreq ARM SoC driver specific changes 2013-07-02 14:33:21 -07:00
cpuidle ARM SoC specific changes 2013-07-02 13:43:38 -07:00
crypto ARM SoC driver specific changes 2013-07-02 14:33:21 -07:00
dca
devfreq
dio
dma drivers/dma/pl330.c: fix locking in pl330_free_chan_resources() 2013-07-03 16:07:22 -07:00
edac Finally eradicate CONFIG_HOTPLUG 2013-06-03 14:20:18 -07:00
eisa
extcon extcon: Palmas Extcon Driver 2013-06-17 16:08:36 -07:00
firewire
firmware Merge 3.10-rc6 into driver-core-next 2013-06-17 16:57:20 -07:00
fmc FMC: fix error handling in probe() function 2013-06-24 16:23:25 -07:00
gpio Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-07-02 16:14:35 -07:00
gpu Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-07-02 09:28:37 -07:00
hid HID: multitouch: prevent memleak with the allocated name 2013-06-12 11:13:38 +02:00
hsi
hv drivers: hv: allocate synic structures before hv_synic_init() 2013-06-24 16:24:17 -07:00
hwmon hwmon: (adm1021) Strengthen chip detection for ADM1021, LM84 and MAX1617 2013-06-07 12:29:31 -07:00
hwspinlock
i2c ARM SoC specific changes 2013-07-02 13:43:38 -07:00
ide
idle
iio staging:iio:adis16130: Move out of staging 2013-06-11 20:34:36 +01:00
infiniband Merge branches 'iser' and 'qib' into for-next 2013-06-04 17:06:46 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2013-06-23 16:12:46 -10:00
iommu Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-07-02 16:15:23 -07:00
ipack
irqchip Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-07-02 16:14:35 -07:00
isdn
leds drivers/leds/leds-ot200.c: fix error caused by shifted mask 2013-05-24 16:22:51 -07:00
lguest x86, flags: Rename X86_EFLAGS_BIT1 to X86_EFLAGS_FIXED 2013-06-25 16:25:32 -07:00
macintosh
mailbox mailbox/omap: move the OMAP mailbox framework to drivers 2013-06-11 11:41:51 -05:00
md A few bugfixes for md 2013-06-13 10:13:29 -07:00
media ARM SoC specific changes 2013-07-02 13:43:38 -07:00
memory memory: tegra30-mc: Fix IRQ handler. 2013-06-17 16:46:06 -07:00
memstick
message
mfd Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-07-02 16:14:35 -07:00
misc Driver core patches for 3.11-rc1 2013-07-02 11:44:19 -07:00
mmc Merge branch 'for-linus' of git://git.linaro.org/people/rmk/linux-arm 2013-07-03 09:46:29 -07:00
mtd Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-07-03 09:10:19 -07:00
net Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-07-03 09:10:19 -07:00
nfc
ntb
nubus
of PM voltage domain clean-up via Kevin Hilman <khilman@linaro.org>: 2013-06-20 16:41:37 +02:00
oprofile
parisc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-07-03 09:10:19 -07:00
parport parisc: parport0: fix this legacy no-device port driver! 2013-06-01 14:46:42 +02:00
pci Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-07-03 09:10:19 -07:00
pcmcia Driver core patches for 3.11-rc1 2013-07-02 11:44:19 -07:00
pinctrl ARM SoC late changes 2013-07-02 14:42:51 -07:00
platform x86 / platform / hp_wmi: Fix bluetooth_rfkill misuse in hp_wmi_rfkill_setup() 2013-06-01 23:51:48 +02:00
pnp isapnp: switch to fixed_size_llseek() 2013-06-29 12:57:48 +04:00
power Last minute one-liners: wrong kfree usage fix, module alias fixup and 2013-05-25 20:32:49 -07:00
pps
ps3
ptp build some drivers only when compile-testing 2013-06-24 16:41:32 -07:00
pwm
rapidio rapidio/tsi721: fix bug in MSI interrupt handling 2013-05-24 16:22:51 -07:00
regulator ARM SoC device tree changes 2013-07-02 14:23:01 -07:00
remoteproc mailbox/omap: move the OMAP mailbox framework to drivers 2013-06-11 11:41:51 -05:00
reset
rpmsg
rtc imx soc changes for 3.11: 2013-06-20 02:15:45 +02:00
s390 netiucv: Hold rtnl between name allocation and device registration. 2013-06-13 17:41:18 -07:00
sbus
scsi Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-07-03 09:10:19 -07:00
sfi
sh
sn
spi ARM SoC specific changes 2013-07-02 13:43:38 -07:00
ssb
ssbi Cleanups for MSM for 3.11 2013-06-14 18:28:02 -07:00
staging Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-07-03 09:10:19 -07:00
target iscsi-target: Remove left over v3.10-rc debug printks 2013-06-20 16:47:41 -07:00
tc
thermal thermal: exynos: Support both EXYNOS4X12 SoCs 2013-06-19 01:31:50 +09:00
tty Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-07-03 09:10:19 -07:00
uio drivers: uio_pdrv_genirq: Use of_match_ptr() macro 2013-06-25 17:22:30 -07:00
usb ARM SoC late changes 2013-07-02 14:42:51 -07:00
uwb USB: HWA: fix device probe failure 2013-06-24 16:20:43 -07:00
vfio vfio: remap_pfn_range() sets all those flags... 2013-06-29 12:46:41 +04:00
vhost vhost: fix ubuf_info cleanup 2013-06-11 02:46:21 -07:00
video Merge branch 'for-3.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq 2013-07-02 19:53:30 -07:00
virt
virtio
vlynq
vme vme: vme_tsi148.c: fix error return code in tsi148_probe() 2013-06-24 16:23:25 -07:00
w1 w1: add family based automatic module loading 2013-06-03 14:09:14 -07:00
watchdog ARM SoC specific changes 2013-07-02 13:43:38 -07:00
xen xen/tmem: Don't over-write tmem_frontswap_poolid after tmem_frontswap_init set it. 2013-06-10 10:14:33 -04:00
zorro zorro: switch to fixed_size_llseek() 2013-06-29 12:57:28 +04:00
Kconfig FMC: create drivers/fmc and toplevel Kconfig question 2013-06-17 16:38:57 -07:00
Makefile FMC: create drivers/fmc and toplevel Kconfig question 2013-06-17 16:38:57 -07:00